giomba
/
nes-proj
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #702 from simonduq/fix/mqtt-buffer-overflow 

MQTT buffer overflow fix
This commit is contained in:
George Oikonomou 2018-10-17 09:11:42 +01:00 committed by GitHub
parent 75b5c88992 5b58f6980e
commit cc5d75f677
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
os/net/app-layer/mqtt/mqtt.c
View File

@ -872,6 +872,7 @@ parse_publish_vhdr(struct mqtt_connection *conn,
/* Read out topic length */
if(conn->in_packet.topic_len_received == 0) {
conn->in_packet.topic_pos = 0;
conn->in_packet.topic_len = (input_data_ptr[(*pos)++] << 8);
conn->in_packet.byte_counter++;
if(*pos >= input_data_len) {
@ -880,7 +881,11 @@ parse_publish_vhdr(struct mqtt_connection *conn,
conn->in_packet.topic_len |= input_data_ptr[(*pos)++];
conn->in_packet.byte_counter++;
conn->in_packet.topic_len_received = 1;
/* Abort if topic is longer than our topic buffer */
if(conn->in_packet.topic_len > MQTT_MAX_TOPIC_LENGTH) {
DBG("MQTT - topic too long %u/%u\n", conn->in_packet.topic_len, MQTT_MAX_TOPIC_LENGTH);
return;
}
DBG("MQTT - Read PUBLISH topic len %i\n", conn->in_packet.topic_len);
/* WARNING: Check here if TOPIC fits in payload area, otherwise error */
}